SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XVIII - Issue #6

January 22, 2016

Update: The PIVOT project, providing free realistic, hands-on exercises
for aspiring cyber pros, got more than 2,000 visitors in its first 7
days. Many were not members of college cyber clubs and asked if they
could still use the exercises and win the Amazon gift certificates. The
answer is yes and the updated information is in the last news item of
this newsletter and also at http://pivotproject.org. Alan


Safe Harbor Deadline Looming (January 20 and 21, 2016)

Privacy regulators in the European Union (EU) may restrict US/EU data transfers unless negotiators reach a deal that satisfies EU data security and privacy concerns by January 31, 2016. Late last year, the European Court of Justice invalidated a Safe Harbor agreement between the US and EU due to concerns about US surveillance practices. The decision about whether to restrict data transfers will be made at a February 2, 2016 plenary meeting of the Article 29 Working Party.
-http://thehill.com/policy/cybersecurity/266572-eu-regulators-could-freeze-safe-harbor-alternatives
-http://www.csmonitor.com/World/Passcode/2016/0120/What-the-end-of-Safe-Harbor-means-for-the-digital-economy
-http://www.reuters.com/article/us-eu-dataprotection-usa-idUSKCN0UY2Y7

[Editor's Note (Murray): The Safe Harbor agreement was invalidated because it left the citizen whose privacy was violated "no recourse," such as is provided to him under European law. He probably would not even have the recourse that an American citizen would have, a right to sue. Americans have not been very successful in suing because of the difficulty of showing damage. No such showing is required for recourse under European law. It seems unlikely that we will grant to European citizens a remedy that is not available to our own.
(Liston): The biggest sticking point in the negotiations around this deadline comes down to a fundamental difference in the level of "damage" that must be shown in order for organizations to be liable for information disclosures. I sincerely doubt the US will bow to pressure to lower the "damage bar" for lawsuits from the EU.]


Symantec Finds a RAT (January 21, 2016)

Symantec has issued a warning about a remote access Trojan (RAT) that is targeting small and mid-sized businesses (SMBs) in India, the UK, and the US. This particular variant uses the Backdoor.Breut and Trojan.Nancrat RAT tools; it has been active since early last year. The malware is spreading through phishing emails. No zero-days are being used in the attack, so systems that are up to date on patches should be protected.
-http://www.eweek.com/security/symantec-finds-a-rat-going-after-u.s.-uk-and-india-smbs.html

The PIVOT project for collegiate cyber clubs launched today. If you have tried to hire cybersecurity people with solid hands-on skills you know how hard that is. Club programs are effective when they have regular meetings where participants learn about a tool or technique and then have an hour or more of hands-on exercise. Putting together weekly programs like that was very challenging for most schools until the PIVOT project was launched. PIVOT is a growing collection of short briefings with fun and challenging on-line or downloadable exercises that have been gathered and curated by BSides, several colleges, CounterHack Challenges, SANS, and with a little financial help from NSF. The PIVOT exercises are available free to collegiate clubs throughout the U.S., and today PIVOT launched a contest with substantial Amazon gift certificates as prizes, for ANYONE who completes at least ONE exercise (each additional entry gets you an extra chance to win the Amazon gift certificates) in the current collection and provides feedback within 33 days.

John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service.

Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response.

Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.

Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries.

Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security.

Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT.

Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org).

Tom Liston is a member of the Cyber Network Defense team at Dark Matter, a security consulting firm in the UAE. He is also a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and non-profits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project.

Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/